You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Brian Pane <bp...@pacbell.net> on 2001/12/03 02:45:25 UTC

cvs commit: httpd-2.0/server util.c

Note: given the role of this function in keeping requests inside the
document root, I've tested this new code against the standard boundary
cases like "/./../foo" and "/foo/../../bar".  If anyone has specific
additional test cases or points of concern, though, please let me know.
Thanks,
--Brian

brianp@apache.org wrote:

>brianp      01/12/02 16:49:28
>
>  Modified:    server   util.c
>  Log:
>  Optimization for ap_getparents: skip past all the leading
>  characters of the path that aren't '.' rather than copying
>  those bytes onto themselves
>  
>  Revision  Changes    Path
>  1.118     +7 -4      httpd-2.0/server/util.c
>  
>  Index: util.c
>  ===================================================================
>  RCS file: /home/cvs/httpd-2.0/server/util.c,v
>  retrieving revision 1.117
>  retrieving revision 1.118
>  diff -u -r1.117 -r1.118
>  --- util.c	2001/12/02 20:38:33	1.117
>  +++ util.c	2001/12/03 00:49:28	1.118
>  @@ -476,12 +476,15 @@
>    */
>   AP_DECLARE(void) ap_getparents(char *name)
>   {
>  -    int l, w;
>  +    char *next;
>  +    int l, w, first_dot;
>   
>       /* Four paseses, as per RFC 1808 */
>       /* a) remove ./ path segments */
>  -
>  -    for (l = 0, w = 0; name[l] != '\0';) {
>  +    for (next = name; *next && (*next != '.'); next++) {
>  +    }
>  +    l = w = first_dot = next - name;
>  +    while (name[l] != '\0') {
>   	if (name[l] == '.' && name[l + 1] == '/' && (l == 0 || name[l - 1] == '/'))
>   	    l += 2;
>   	else
>  @@ -496,7 +499,7 @@
>       name[w] = '\0';
>   
>       /* c) remove all xx/../ segments. (including leading ../ and /../) */
>  -    l = 0;
>  +    l = first_dot;
>   
>       while (name[l] != '\0') {
>   	if (name[l] == '.' && name[l + 1] == '.' && name[l + 2] == '/' &&
>  
>  
>  
>

Re: This mailing list...

Posted by "William A. Rowe, Jr." <wr...@covalent.net>.

Read your messages headers [on any well behaved list.]

Should be some header like;

list-unsubscribe: <ma...@httpd.apache.org>

if that helps.  [a blank message works fine, or you could write a 200
line note.  Doesn't matter to the mail list engine.]

Bill

----- Original Message ----- 
From: "Voltaire C. Feliciano" <fe...@100.ph>
To: <de...@httpd.apache.org>
Sent: Sunday, December 02, 2001 8:27 PM
Subject: This mailing list...


> 
> How do i get out of it! :)
>

This mailing list...

Posted by "Voltaire C. Feliciano" <fe...@100.ph>.

How do i get out of it! :)